Categorization

Key Words

Synopsis

This chapter asks the following questions: Are participants in the information and communication markets responding adequately to malware, or are improvements possible? Pointing to a variety of reports that show increases in malicious attack trends, one might conclude that markets are not responding adequately. The analysis revealed a more nuanced picture.

Additional Notes and Highlights

Outline:

Three major categories of externalities
Category 1: No externalities; market participants absorb all the costs of their security decisions.
Category 2: Externalities are created, but they are borne by agents that can manage them.
The ISP example
The case of online financial services
Category 3: Externalities are borne fully by other market participants or by society at large.
The case of lax security by end users Distributional and efficiency effects Survey results on the costs of malwareKey findings